Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View
Contact Us See a demo

Overview of UAE Data Protection Law

uae data protection law banner
Published December 27, 2021
Author

Maria Khan

Data Privacy Legal Manager at Securiti

FIP, CIPT, CIPM, CIPP/E

Listen to the content

This post is also available in: Brazilian Portuguese

In November 2021 His Highness Sheikh Khalifa bin Zayed Al Nahyan, the President of the United Arab Emirates, approved Federal Decree-Law No 45 2021 on Protection of Personal Data (PDPL).Its purpose is in line with several other data protection laws that have been drafted and enacted in other parts of the world. It is a comprehensive law that deals with data privacy and the rights of UAE citizens over how they choose to share their data with data handlers.

The law is part of the UAE’s grander “Principles of the 50” - a charter of 10 strategic principles meant to be implemented within the kingdom in the next 50 years to ensure social, political, and economic stability.

Who’s Supposed To Comply

Like the GDPR, the PDPL is explicit in singling out which businesses are supposed to comply with the legislation.

As per Article 2(1) of the PDPL, all businesses registered in the UAE that are processing personal data of data subjects inside or outside the UAE are supposed to comply with the PDPL. Moreover, companies that are collecting data on UAE residents on behalf of other organisations have to follow this law just the same.

Under Article 2(2), there are certain entities exempt from the provisions of the new law, such as government data, public entities’ data, health and credit data subject to their own dedicated legislation, and most importantly, entities established within the free zones such as the DIFC and ADGM that have their own data protection laws.

Businesses that are part of the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) free zones but process data on behalf of companies that are not a part of the DIFC and ADGM are also covered by the law in limited cases.

What Data Is Covered?

The PDPL is explicit in protecting all data subjects’ collected personal and sensitive data. The following data is covered under the UAE’s new data protection law:

  • Name
  • Voice
  • Picture
  • Identification number
  • Race
  • Ethnicity
  • Religion
  • Sexual preference
  • Biometric data
  • Criminal record
  • Health records
  • Geographical location

What Rights Do Data Subjects Have?

Under the new PDPL, all users, or data subjects in UAE have certain rights that a data handler is required to ensure under any and all circumstances. These include:

Right to Access Information

All data subjects have the right to know what data or information a business has collected on them. Similarly, the data subject can request to know why the data was collected, where the data is stored, what safety precautions are being taken to protect their data, and what actions will be taken in the event of a data breach.

Right to Data Portability

Similar to having the right to access their information, all data subjects have the right to receive any and all such information in an easy-to-read and transferable format that can be easily accessed across all major platforms and mediums.

Right to Restricting Processing

All data subjects have the right to restrict any business from processing any further data related to them. It is the business's responsibility to ensure no further data is collected on the data subject  once they have exercised this claim.

Right to Erasure of Data

All data subjects have the right to request any business to delete any and all data that may have been collected on the data subject.

Right to Object to Automated Processing

All data subjects have the right to restrict a business from using any and all data collected on the data subject to aid automated decision-making that may affect the data subject.

Right to Rectification

All data subjects have the right to request a data handler to change, amend, or modify data collected on data subjects in case it is outdated, incomplete, or incorrect.

Penalties For Non-Compliance

This is arguably the most ambiguous part of the new PDPL. Unlike most data protection laws, the PDPL is not explicit about what penalties will be imposed on companies that are found to be non-compliant with the provisions of the new law.

As things stand, the Council of Ministers and the courts will recommend appropriate administrative fines for any business found breaching any of the new law’s provisions. There are plans to introduce standardized penalties for such breaches via Executive Regulation that will be carried out by the UAE Data Office once the law officially comes into effect on January 2, 2022.

For a detailed understanding of the UAE’s PDPL, please also refer to our comprehensive article on the PDPL here.

How Can Securiti Help?

Users across the world are becoming increasingly conscious and vocal about their rights to data privacy and data protection. Naturally, legislations are being drafted globally that would mandate businesses to undertake proactive measures to ensure all data collected on data subjects is not only protected but also gained with appropriate consent.

Simultaneously, the sheer volume of data being processed renders it necessary for businesses to turn towards automated solutions to guarantee compliance with the various data protection laws globally.

Securiti prides itself on its pioneer data-driven PrivacyOps framework that offers multiple artificial intelligence and machine learning-powered tools meant to ensure data compliance for businesses of all sizes. Request a demo today to see these tools in action and see for yourself how Securiti can help you achieve PDPL compliance at the click of a button.

Analyze this article with AI

ChatGPT Claude Perplexity Grok
Prompts open in third-party AI tools.
Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Share
More Stories that May Interest You
Dubai Data Protection Law banner View More
July 18, 2023
New Dubai Data Protection Law
In this era where data privacy regulations are sprouting up almost daily, another city has taken data privacy rights into consideration and devised a...
South Africa’s POPIA View More
December 27, 2021
UAE PDPL
UAE Personal Data Protection Law (PDPL) The UAE Cabinet issued its highly anticipated Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal...
UAE Data Protection Law Compliance Checklist banner View More
December 24, 2021
UAE Data Protection Law Compliance Checklist
The United Arab Emirates (UAE) recently passed the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) in November 2021....
Please enter a minimum of 3 characters to begin your search.
Videos
View More
January 20, 2025
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
January 15, 2025
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
January 2, 2025
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
December 24, 2024
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
November 1, 2024
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
October 29, 2024
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
August 12, 2024
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
June 3, 2024
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
January 29, 2024
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...
AWS Startup Showcase Cybersecurity Governance With Generative AI View More
October 17, 2023
AWS Startup Showcase Cybersecurity Governance With Generative AI
Balancing Innovation and Governance with Generative AI Generative AI has the potential to disrupt all aspects of business, with powerful new capabilities. However, with...

Spotlight Talks

Spotlight 50:52
From Data to Deployment: Safeguarding Enterprise AI with Security and Governance
Watch Now View
Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Latest
View More
September 30, 2025
Securiti and Databricks: Putting Sensitive Data Intelligence at the Heart of Modern Cybersecurity
Securiti is thrilled to partner with Databricks to extend Databricks Data Intelligence for Cybersecurity. This collaboration marks a pivotal moment for enterprise security, bringing...
Shrink The Blast Radius: Automate Data Minimization with DSPM View More
August 27, 2025
Shrink The Blast Radius
Recently, DaVita disclosed a ransomware incident that ultimately impacted about 2.7 million people, and it’s already booked $13.5M in related costs this quarter. Healthcare...
View More
October 13, 2025
Navigating China’s AI Regulatory Landscape in 2025: What Businesses Need to Know
A 2025 guide to China’s AI rules - generative-AI measures, algorithm & deep-synthesis filings, PIPL data exports, CAC security reviews with a practical compliance...
View More
October 7, 2025
All You Need to Know About Ontario’s Personal Health Information Protection Act 2004
Here’s what you need to know about Ontario’s Personal Health Information Protection Act of 2004 to ensure effective compliance with it.
Maryland Online Data Privacy Act (MODPA) View More
October 6, 2025
Maryland Online Data Privacy Act (MODPA): Compliance Requirements Beginning October 1, 2025
Access the whitepaper to discover the compliance requirements under the Maryland Online Data Privacy Act (MODPA). Learn how Securiti helps ensure swift compliance.
Retail Data & AI: A DSPM Playbook for Secure Innovation View More
September 30, 2025
Retail Data & AI: A DSPM Playbook for Secure Innovation
The resource guide discusses the data security challenges in the Retail sector, the real-world risk scenarios retail businesses face and how DSPM can play...
DSPM vs Legacy Security Tools: Filling the Data Security Gap View More
September 30, 2025
DSPM vs Legacy Security Tools: Filling the Data Security Gap
The infographic discusses why and where legacy security tools fall short, and how a DSPM tool can make organizations’ investments smarter and more secure.
Operationalizing DSPM: 12 Must-Dos for Data & AI Security View More
September 22, 2025
Operationalizing DSPM: 12 Must-Dos for Data & AI Security
A practical checklist to operationalize DSPM—12 must-dos covering discovery, classification, lineage, least-privilege, DLP, encryption/keys, policy-as-code, monitoring, and automated remediation.
The DSPM Architect’s Handbook View More
June 16, 2025
The DSPM Architect’s Handbook: Building an Enterprise-Ready Data+AI Security Program
Get certified in DSPM. Learn to architect a DSPM solution, operationalize data and AI security, apply enterprise best practices, and enable secure AI adoption...
Gencore AI and Amazon Bedrock View More
January 7, 2025
Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
What's
New